| Summary: | spice new security issue CVE-2013-4130 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | cjw, fundawang, geiger.david68210, olav, sysadmin-bugs, tmb |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/563138/ | ||
| Whiteboard: | MGA2TOO has_procedure mga3-32-ok mga3-64-ok mga2-64-ok mga2-32-ok | ||
| Source RPM: | spice-0.12.2-5.mga3.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2013-08-12 20:05:23 CEST

David Walser
2013-08-12 20:05:39 CEST

CC: (none) => cjw, olav

This was fixed upstream in 0.12.4. Funda fixed this in Cauldron in spice-0.12.4-1.mga4.

CC: (none) => fundawang

Christiaan, was this OK when Funda removed your patch?
http://svnweb.mageia.org/packages/cauldron/spice/current/SPECS/spice.spec?r1=456769&r2=456776

It says that the patch was for more than fixing automake, it also made it use the spice-protocol package instead of a bundled copy...

It definitely looks like Mageia 2 is also affected. The first hunk of the patch applies:
http://cgit.freedesktop.org/spice/spice/patch/?id=53488f0275d6c8a121af49f7ac817d09ce68090d

Because of code changes, the second doesn't apply, but I imagine that change is supposed to still go somewhere (there are functions using RING_FOREACH), it just isn't immediately clear where.

Alpine Linux believed they fixed this in spice 0.10.0 by just applying the first hunk:
http://git.alpinelinux.org/cgit/aports/commit/?id=0840b37ba1b61fc6068907d72ce76359dface9e4

As found here:
http://bugs.alpinelinux.org/issues/2162

which itself was found here:
http://bugs.alpinelinux.org/issues/2159

I'm using Alpine's patch for Mageia 2, hopefully that's sufficient.

Patched packages uploaded for Mageia 2 and Mageia 3.

Advisory:
========================

Updated spice packages fix security vulnerability:

A user able to initiate spice connection to the guest could use a flaw in server/red_channel.c to crash the guest (CVE-2013-4130).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4130
https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113748.html
========================

Updated packages in core/updates_testing:
========================
spice-client-0.10.1-1.1.mga2
libspice-server1-0.10.1-1.1.mga2
libspice-server-devel-0.10.1-1.1.mga2
spice-client-0.12.2-5.1.mga3
libspice-server1-0.12.2-5.1.mga3
libspice-server-devel-0.12.2-5.1.mga3

from SRPMS:
spice-0.10.1-1.1.mga2.src.rpm
spice-0.12.2-5.1.mga3.src.rpm

Assignee: bugsquad => qa-bugs

Should be able to test this with virt-manager
http://www.linux-kvm.org/page/SPICE

set up virt-manager as in the link above then once started used..

$ spicec -h 127.0.0.1 -p 5900

to connect to it and display the running machine.

It cuts off after a second or two, I think probably due to virt-manager's own internal spice client competing for the connection.

Does virt-manager need to be updated too for this CVE?

Oops forgot

mga3 64 testing complete

Whiteboard: MGA2TOO => MGA2TOO has_procedure mga3-64-ok

Does virt-manager work with the release version and not the update? I really don't know anything about this stuff.

Looks like it uses python-spice-client-gtk so might not be necessary

# urpmq --requires virt-manager

Testing complete mga3 32

Whiteboard: MGA2TOO has_procedure mga3-64-ok => MGA2TOO has_procedure mga3-32-ok mga3-64-ok

Testing complete mga2 64

Whiteboard: MGA2TOO has_procedure mga3-32-ok mga3-64-ok => MGA2TOO has_procedure mga3-32-ok mga3-64-ok mga2-64-ok

Testing complete mga2_32, ok for me nothing to report.

CC: (none) => geiger.david68210

Thanks David. I've been having trouble getting virt-manager to work with spice on mga2 32 in my lxde vbox install.

Validating. Advisory uploaded.

Could sysadmin please push from 2 & 3 core/updates_testing to updates

Thanks!

Keywords: (none) => validated_update

Update pushed:
http://advisories.mageia.org/MGASA-2013-0255.html

Status: NEW => RESOLVED